Lucene search

K

[email protected]NVD:CVE-2015-1244

HistoryApr 19, 2015 - 10:59 a.m.

CVE-2015-1244

2015-04-1910:59:07

CWE-200

[email protected]

web.nvd.nist.gov

4

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.6

Confidence

Low

EPSS

0.006

Percentile

78.5%

The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic.

Affected configurations

Nvd

Node

canonicalubuntu_linuxMatch14.04lts

OR

canonicalubuntu_linuxMatch14.10

OR

canonicalubuntu_linuxMatch15.04

Node

debiandebian_linuxMatch8.0

Node

googlechromeRange≤42.0.2311.60

References

googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html

lists.opensuse.org/opensuse-updates/2015-04/msg00040.html

lists.opensuse.org/opensuse-updates/2015-11/msg00024.html

rhn.redhat.com/errata/RHSA-2015-0816.html

ubuntu.com/usn/usn-2570-1

www.debian.org/security/2015/dsa-3238

www.securitytracker.com/id/1032209

chromium.googlesource.com/chromium/src/net/+/2359906c4fdfa9d44b045755d23fe5327c10e010

code.google.com/p/chromium/issues/detail?id=455215

security.gentoo.org/glsa/201506-04

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.6

Confidence

Low

EPSS

0.006

Percentile

78.5%

Related for NVD:CVE-2015-1244

cvelist1 debiancve1 cve1 prion1 ubuntucve1 thn1 ubuntu1 nessus9 openvas8 threatpost1 kaspersky1 freebsd1 chrome1 archlinux1 redhat1 mageia1 securityvulns2 osv1 debian2 gentoo1